Wave Integrating MITRE's Attestation Technique Into Its Endpoint Monitor for
Remediating Advanced Malware
MITRE Details Technique at Black Hat 2013
LEE, MA -- (Marketwired) -- 07/31/13 -- Wave Systems Corp. (NASDAQ:
WAVX), the Trusted Computing Company, announced plans to integrate
The MITRE Corporation's new timing-based attestation technique into
Wave Endpoint Monitor (WEM), the industry's first solution to
leverage industry standard hardware to detect and remediate malware
that can surreptitiously mount attacks before the operating system
loads. MITRE is a not-for-profit organization that provides systems
engineering, research and development, and information technology
support to the government.
With this enhancement, Wave will integrate MITRE's technique that
doubly verifies that the core BIOS hasn't been corrupted. The BIOS is
the first software run by the PC when powered-on and is responsible
for initializing hardware and getting the operating system running.
It also contains the "core root of trust measurement" (CRTM)
software, the first software in the boot trust chain that ends in the
assurance that the computer booted safely.
"MITRE has made a significant contribution to the body of research by
identifying a scenario in which malicious code could be introduced to
the BIOS that would cause it to provide a false reading and allow the
malicious BIOS to indicate the system had not been corrupted," said
Dr. Robert Thibadeau, Wave's Chief Scientist. "MITRE's technique
offers a second control for determining the CRTM does not lie about
itself and any of the rest of the trust chain."
Dr. Thibadeau added, "While BIOS attacks are still fairly rare today
-- less than one percent by many accounts -- they represent a new and
dangerous attack vector, and we're bound to see more in future years
as the more popular preboot targets are secured by our existing WEM
The management of CRTM detection will be incorporated in a module for
WEM, which Wave expects will be production-ready in early 2014 to
meet the expected increase of these attacks. Wave Endpoint Monitor
captures verifiable PC health and security by utilizing information
stored within the TPM. If anomalies are detected, the attack is
controlled, and IT is alerted immediately wi
th real-time analytics.
MITRE research presented at Black Hat 2013
MITRE researchers John
Butterworth, Corey Kallenberg, and Xeno Kovah presented their
research on this vulnerability and technique, "BIOS Chronomancy:
Fixing the Core Root of Trust for Measurement," at Black Hat 2013.
The team's research highlights a vulnerability in which a firmware
rootkit tricks an endpoint's Trusted Platform Module (TPM) chip into
reporting a clean BIOS firmware, when in fact it has been
compromised. MITRE's research shows the importance of using
timing-based attestation systems, which can defend against attackers
who obtain the same privilege levels as the defender. John
Butterworth, a Senior Infosec Engineer at MITRE, adds, "Additional
complexities are imposed on an attacker who tries to conceal a
rootkit in the presence of timing-based attestation; even concealing
the modification of a single byte will trigger a measurable change."
The team's findings come as vendors work to implement BIOS protection
specifications as outlined by the National Institute of Standards and
Technology (NIST) special publication 800-155, published in 2011.
About Wave Systems
Wave Systems Corp. (NASDAQ: WAVX) reduces the
complexity, cost and uncertainty of data protection by starting
inside the device. Unlike other vendors who try to secure information
by adding layers of software for security, Wave leverages the
capabilities built directly into endpoint computing
platforms themselves. Wave has been a foremost expert on this growing
trend, leading the way with first-to-market solutions and helping
shape standards through its work as a board member for the Trusted
About The MITRE Corporation
The MITRE Corporation is a
not-for-profit organization that provides systems engineering,
research and development, and information technology support to the
government. It operates federally funded research and development
centers for the Department of Defense, the Federal Aviation
Administration, the Internal Revenue Service and Department of
Veterans Affairs, the Department of Homeland Security, the
Administrative Office of the U.S. Courts, and the Centers for
Medicare & Medicaid Services, with principal locations in Bedford,
Mass., and McLean, Va.
Safe Harbor for Forward-Looking Statements
This press release may
contain forward-looking information within the meaning of the Private
Securities Litigation Reform Act of 1995 and Section 21E of the
Securities Exchange Act of 1934, as amended (the Exchange Act),
including all statements that are not statements of historical fact
regarding the intent, belief or current expectations of the company,
its directors or its officers with respect to, among other things:
(i) the company's financing plans; (ii) trends affecting the
company's financial condition or results of operations; (iii) the
company's growth strategy and operating strategy; and (iv) the
declaration and payment of dividends. The words "may," "would,"
"will," "expect," "estimate," "anticipate," "believe," "intend" and
similar expressions and variations thereof are intended to identify
forward-looking statements. Investors are cautioned that any such
forward-looking statements are not guarantees of future performance
and involve risks and uncertainties, many of which are beyond the
company's ability to control, and that actual results may differ
materially from those projected in the forward-looking statements as
a result of various factors. Wave assumes no duty to and does not
undertake to update forward-looking statements.
All brands are the property of their respective owners.
Press spacebar to pause and continue. Press esc to stop.